[clug] Why is my SSH port forwarding failing all of a sudden?

[Chris Smart]

On 03/02/16 20:53, Tony Lewis wrote:
> On 03/02/16 20:40, Tony Lewis wrote:
>> I cannot figure it out but will keep an eye on it to see if it
>> misbehaves again.  It's probably me, but I just cannot figure out what
>> I broke and how I fixed it.
> 
> Oh.  Found it.
> 
> The client authenticates as user tunnel on the tunnel server using a
> public key.  Somewhere along the way, adding a new user, I had reset the
> password, with the intent of locking it afterwards ("passwd -l
> tunnel").  I expired it instead ("passwd -e tunnel").  The PKI
> authentication worked, or at least appeared to work, as the account is
> configured to not give a shell and only tunnel ports.
> 
> But that's the difference.  An expired password, which is where the
> login progam won't let you log in without setting a new password, locks
> at least tunnelling, and probably locks any session itself. Setting the
> password to something dumb and then locking the account has fixed the
> problem.
> 
> So, again, thanks for the input.
> 

Nice one, glad you found it!

-c

-- 
  _
 °v°
/(_)\
 ^ ^